http://www.internetworld.com/print/current/infrastructure/19990104-security.html

Security Mergers Shift Product Lines
by Lawrence D. Dietz
January 4, 1999

With a growing number of large corporations seeking security products and services from one source, vendors are striving to meet that demand. In many cases, vendors will be offering products in 1999 that are the result of technologies acquired last year.

For example, Network Associates acquired Dr. Solomon's for its virus detection software, Security Networks Inc. for its vulnerability assessment products, and Trusted Information Systems for its firewalls. Meanwhile, Axent merged with Raptor, another firewall vendor, and strengthened its professional services group by acquiring Secure Network Consulting.

Other companies to watch include VeriSign, which joined the professional services group bandwagon when it picked up SecureIT of Atlanta, and Security Dynamics, which acquired Intrusion Detection Inc. to enter the vulnerability and scanning sector.

Another likely impact of these mergers and acquisitions will be a split in the market. On one hand, corporations will work with large vendors that provide a wide range of products and sources. Yet they will be able to turn to speciality vendors that offer a "best-in-class" solution for unique security requirements.

Other security vendors, including large networking vendors and Internet service providers, will be offering products and services for companies that do not have the capability of setting up their own secure networks. For example, GTE Internetworking has a suite of five security consulting services, including security design and implementation, penetration, and testing.

"Our SecureNet offerings help customers lower network operating costs, effectively manage information and technology risks, and reduce the time it takes to get a secure network up and running," said Adam Lipson, director, professional services, at GTE CyberTrust.

To round out their product offerings, companies are establishing partnerships. Specialty IS vendors such as Check Point Software and Internet Security Systems are integrating complementary products. Vendors with a broad IS product line, such as Network Associates, are working with complementary service providers such as Ernst & Young. For example, Ernst & Young will identify unique attacks and vulnerabilities using Network Associates' CyberCop product. The information will become part of an Ernst & Young library that will be shared with customers.

With the rise of electronic commerce, some analysts are also predicting that the greatest growth area for security products will involve public key infrastructures and certificate authorities.

International concerns

Because many corporations have global operations, many information security managers will be dealing with regulations from a number of political jurisdictions. The European Union, for example, has a privacy policy that is considered to be far more stringent than policies in the United States.

Web site operators in the European Union must have a privacy policy prominently posted and adhere to it, and organizations there are prohibited from exporting data to any destination that does not have the same protection in place. For companies and organizations that need consumer data for their operations, this is an important issue. As a result, the complex data privacy laws will require greater attention and will likely drive legal costs higher in 1999 and beyond.

Export regulation for such technology as encryption products is another area likely to be important in 1999. The struggle continues between the U.S. government, with its desire for stronger export restrictions, and U.S. vendors with their desire for less restriction. So far, the government seems to be winning. As a result, U.S. firms will need to continue monitoring the type of encryption software used abroad and look for products that will work with any "standard" encryption algorithm allowing for agility in employing export-legal software.

Y2K: Bonanza or disaster?

Organizational efforts focusing on the Y2K problem will have uncertain effects on information security. Many industries and organizations are ahead of the power curve and have instituted strong compliance measures so that the turn of the clock from Dec. 31, 1999, to Jan. 1, 2000, will be a non-event.

Some information security managers might be able to reallocate budget dollars from unused Y2K projects to needed security projects. IS managers working at organizations that failed to address Y2K problems might find their third- and fourth-quarter budgets summarily redirected to mission-critical applications in need of updates.

Perhaps the greatest uncertainty of Y2K is how many hackers plan to use the uncertainty surrounding the date change to cover their own nefarious activities.

Lawrence D. Dietz is director, information security and legal strategies, of Santa Clara consulting firm Current Analysis. His biweekly column, The Security Professional, will begin in the next issue. You can contact him at ldietzat_private